Roberto,
Check this link www.intrupro.com
-Ravi
Roberto Perdisci wrote:
Hi all,
does anyone know some IDS/IPS products implementing Protocol Anomaly
Detection at the application level? I mean a product wich implement
some techniques, e.g. Finite State Automaton, to find out anomalies
during a client-server command/respose session (e.g. FTP, HTTP, SMTP,
etc...). The FSA, or conceptually equivalent models, should be
implemented following the protocol specifications (RFC) and it would
be able to monitor the client-server session checking for anomalies
into command/response sequences through monitoring anomaly transitions
between states.
I know Symantec IPS/IDS products implement some of those techniques, is it true?
I'm particularly interested in white papers or (even better)
scientific papers explaining concepts and/or algorithms.
thank you
roberto
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
